CVE-2026-24734 Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...

CVE-2026-24734

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...

CVE-2026-24734

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...

Wiz Named a Leader in The Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026

Forrester’s CNAPP evaluation rated Wiz with the highest Current Offering category score, which we believe reflects our commitment to protecting everything built and run in the cloud...

Qualys Recognized as a Leader in the 2026 Forrester Wave™ for CNAPP

Qualys’ Key Takeaways Qualys Named a Leader: Recognized as one of only three leaders in The Forrester Wave: Cloud-Native Application Protection Solutions CNAPP, Q1 2026. Unified Platform: “Qualys has been actively expanding its platform to cover CSPM, CIEM, and even SaaS security posture manageme...

Building the Future of Cloud Security: Rapid7 Recognized in Cloud Native Application Protection, Q1 2026

We are excited to share Rapid7’s recognition in The Forrester Wave™: Cloud Native Application Protection Solutions CNAPP , Q1 2026 1. We see this acknowledgment as a milestone that highlights our strategic evolution and continued drive to help security teams shift from reactive defense to...

IBM Concert 安全漏洞

IBM Concert is a new tool developed by the American international business company IBM. It utilizes generative AI to assist in managing complex cloud-native applications. Versions 1.0.0 to 2.1.0 of IBM Concert contain security vulnerabilities, which stem from improper file permission settings for...

IBM Concert 代码问题漏洞

IBM Concert is a new tool developed by the American international business machine IBM. It utilizes generative AI to assist in managing complex cloud-native applications. Versions 1.0.0 to 2.1.0 of IBM Concert contain code vulnerabilities that are susceptible to server-side request forgeing...

IBM Concert 跨站请求伪造漏洞

IBM Concert is a new tool developed by the American international business machine IBM. It utilizes generative AI to assist in managing complex cloud-native applications. Versions 1.0.0 to 2.1.0 of IBM Concert contain a cross-site request forgeing vulnerability. This vulnerability is exploitable ...

Apache Tomcat和Apache Tomcat Native 输入验证错误漏洞

Apache Tomcat and Apache Tomcat Native are both products of the Apache Foundation in the United States. Apache Tomcat is a lightweight web application server that supports Servlet and JavaServer Page JSP technologies. Apache Tomcat Native is a native component library. There is an input validatio...

Atlassian Jira Service Management Data Center and Server 5.12.0 < 5.12.26 / 5.13.x < 10.3.16 (JSDSERVER-16499)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16499 advisory. - Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition'...

The strategic SIEM buyer’s guide: Choosing an AI-ready platform for the agentic era

As the agentic era reshapes security operations, leaders face a strategic inflection point: legacy security information and event management SIEM solutions and fragmented toolchains can no longer keep pace with the scale, speed, and complexity of modern cyberthreats. Organizations can choose to...

The strategic SIEM buyer’s guide: Choosing an AI-ready platform for the agentic era

As the agentic era reshapes security operations, leaders face a strategic inflection point: legacy security information and event management SIEM solutions and fragmented toolchains can no longer keep pace with the scale, speed, and complexity of modern cyberthreats. Organizations can choose to...

IBM Concert Access Control Error Vulnerability (CNVD-2026-13787)

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. An Access Control Error vulnerability exists in IBM Concert that stems from a failure to disable a session after logging out, which could be exploited ...

@authnlabs/authn (>=1.0.10 <=1.0.18), @s-ui/sui-tool-app (>=1.5.0 <=1.27.0) potentially affected by unknown CVE via @capgo/capacitor-native-biometric (>=5.1.1 <=6.0.4)

@capgo/capacitor-native-biometric NPM version =5.1.1, =1.0.10, =1.5.0, =1.27.0 Source cves: unknown CVE Source advisory: OSV:GHSA-VX5F-VMR6-32WF...

Improper Authentication

Overview @capgo/capacitor-native-biometric is a This plugin gives access to the native biometric apis for android and iOS Affected versions of this package are vulnerable to Improper Authentication via the onAuthenticationSucceeded function. An attacker can gain unauthorized access by hooking and...

cap-go/capacitor-native-biometric Authentication Bypass

There is a potential issue with the cap-go/capacitor-native-biometric library. --- Summary The cap-go/capacitor-native-biometric library was found to be subject to an authentication bypass as the current implementation of the onAuthenticationSucceeded does not appear to handle a...

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Dock...

openSUSE 16 Security Update : golang-github-prometheus-prometheus (openSUSE-SU-2026:20177-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20177-1 advisory. Update to version 3.5.0: Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of...

React Native Community CLI Server API Node.js Package 4.8.0 < 20.0.0 Remote Code Execution (CVE-2025-11953)

The version of the React Native Community CLI Server API Node.js Package installed on the remote host is 4.8.0 prior to 20.0.0. It is, therefore, affected by a remote code execution vulnerability: - The Metro Development Server, which is opened by the React Native Community CLI, binds to external...